Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe compromises inside data centers and on personal devices. The vulnerability and the code that exploits it were released Wednesday evening by researchers from security firm Theori, five weeks after they privately disclosed it to the Linux kernel security team.
Two former cybersecurity professionals who moonlighted as cybercriminals, committing a series of ransomware attacks in 2023, were each sentenced to four years in prison, the Justice Department said Thursday. Ryan Clifford Goldberg and Kevin Tyler Martin previously pleaded guilty to one of three charges brought against them in December and faced up to 20 years behind bars. Goldberg and Martin collaborated with Angelo John Martino III to attack victim computers and networks.
Canonical says its web infrastructure is under attack after a pro-Iran hacktivist group instructed its members to target the open source giant. "I can confirm that Canonical's web infrastructure is under a sustained, cross-border Distributed Denial of Service (DDoS) attack," a Canonical spokesperson told The Register. "Our teams are working to restore full availability to all affected services. We will provide updates in our official channels as soon as we are able to."
A new alert issued by the FBI warns of a surge in cyber-enabled cargo theft, with hackers targeting both brokers and carriers in sophisticated attacks. The FBI's warning is not surprising. In late 2025, cybersecurity firm Proofpoint reported observing such attacks. At around the same time, the National Motor Freight Traffic Association (NMFTA) warned the logistics and transportation industry that traditional cargo theft is being rapidly replaced by cyber-enabled heists.
TeamPCP's extensive supply chain campaign continued this week, as the cybercriminal group compromised several SAP npm packages in a "Mini Shai Hulud" attack. The compromised packages went live Wednesday and were quickly spotted by several cybersecurity vendors, including Wiz, Socket, and Aikido Security. Four npm packages for SAP's Cloud Application Programming Model (CAP) and Cloud MTA Build Tool (MBT) were injected with malicious preinstall scripts that execute once the dependency is installed.
Threat actors are using trojanized shared files to distribute malware via AI distribution platforms such as Hugging Face and ClawHub, Acronis reports. The attacks do not compromise AI agents, but rely on social engineering to trick users into downloading files containing malicious code designed to execute commands, fetch payloads, and install hidden dependencies. Both platforms allow developers to easily share code, and threat actors are abusing users' trust in them for nefarious purposes.
On April 7, Anthropic announced that its latest version of the large language model (LLM) Claude, dubbed Mythos, was here and displaying a shocking ability to find and exploit software vulnerabilities at machine, even industrialized, speed. The implications of an AI red teamer on the loose, potentially accessible to threat actors and able to be turned against any system in the world in an instant, have inspired alarm among governments and across the cybersecurity sector.
Security researchers are warning about a newly discovered vulnerability in the widely used web server management software cPanel and WebHost Manager (WHM). The flaw is a critical, actively exploited authentication-bypass bug in cPanel/WHM that lets attackers gain administrative access to the interface without credentials and potentially take over servers and all hosted sites. The vulnerability has been added to the Known Exploited Vulnerabilities catalog by CISA.